mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-28 13:15:33 +01:00
Use internal registry url to push artifact accessory (#20575)
fixes #20565 Signed-off-by: stonezdj <stone.zhang@broadcom.com>
This commit is contained in:
stonezdj(Daojun Zhang)
GitHub
parent
6a38ed3d77
commit
e960711579
12
.github/workflows/CI.yml
vendored
12
.github/workflows/CI.yml
vendored
@ -5,7 +5,7 @@ env:
|
|||||||
POSTGRESQL_USR: postgres
|
POSTGRESQL_USR: postgres
|
||||||
POSTGRESQL_PWD: root123
|
POSTGRESQL_PWD: root123
|
||||||
POSTGRESQL_DATABASE: registry
|
POSTGRESQL_DATABASE: registry
|
||||||
DOCKER_COMPOSE_VERSION: 1.23.0
|
DOCKER_COMPOSE_VERSION: 2.27.1
|
||||||
HARBOR_ADMIN: admin
|
HARBOR_ADMIN: admin
|
||||||
HARBOR_ADMIN_PASSWD: Harbor12345
|
HARBOR_ADMIN_PASSWD: Harbor12345
|
||||||
CORE_SECRET: tempString
|
CORE_SECRET: tempString
|
||||||
@ -66,7 +66,7 @@ jobs:
|
|||||||
env
|
env
|
||||||
#sudo apt install -y xvfb
|
#sudo apt install -y xvfb
|
||||||
#xvfb-run ls
|
#xvfb-run ls
|
||||||
curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > docker-compose
|
curl -L https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > docker-compose
|
||||||
chmod +x docker-compose
|
chmod +x docker-compose
|
||||||
sudo mv docker-compose /usr/local/bin
|
sudo mv docker-compose /usr/local/bin
|
||||||
IP=`hostname -I | awk '{print $1}'`
|
IP=`hostname -I | awk '{print $1}'`
|
||||||
@ -131,7 +131,7 @@ jobs:
|
|||||||
df -h
|
df -h
|
||||||
#sudo apt install -y xvfb
|
#sudo apt install -y xvfb
|
||||||
#xvfb-run ls
|
#xvfb-run ls
|
||||||
curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > docker-compose
|
curl -L https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > docker-compose
|
||||||
chmod +x docker-compose
|
chmod +x docker-compose
|
||||||
sudo mv docker-compose /usr/local/bin
|
sudo mv docker-compose /usr/local/bin
|
||||||
- name: install
|
- name: install
|
||||||
@ -186,7 +186,7 @@ jobs:
|
|||||||
df -h
|
df -h
|
||||||
#sudo apt install -y xvfb
|
#sudo apt install -y xvfb
|
||||||
#xvfb-run ls
|
#xvfb-run ls
|
||||||
curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > docker-compose
|
curl -L https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > docker-compose
|
||||||
chmod +x docker-compose
|
chmod +x docker-compose
|
||||||
sudo mv docker-compose /usr/local/bin
|
sudo mv docker-compose /usr/local/bin
|
||||||
- name: install
|
- name: install
|
||||||
@ -240,7 +240,7 @@ jobs:
|
|||||||
df -h
|
df -h
|
||||||
#sudo apt install -y xvfb
|
#sudo apt install -y xvfb
|
||||||
#xvfb-run ls
|
#xvfb-run ls
|
||||||
curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > docker-compose
|
curl -L https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > docker-compose
|
||||||
chmod +x docker-compose
|
chmod +x docker-compose
|
||||||
sudo mv docker-compose /usr/local/bin
|
sudo mv docker-compose /usr/local/bin
|
||||||
- name: install
|
- name: install
|
||||||
@ -292,7 +292,7 @@ jobs:
|
|||||||
df -h
|
df -h
|
||||||
#sudo apt install -y xvfb
|
#sudo apt install -y xvfb
|
||||||
#xvfb-run ls
|
#xvfb-run ls
|
||||||
curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > docker-compose
|
curl -L https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > docker-compose
|
||||||
chmod +x docker-compose
|
chmod +x docker-compose
|
||||||
sudo mv docker-compose /usr/local/bin
|
sudo mv docker-compose /usr/local/bin
|
||||||
IP=`hostname -I | awk '{print $1}'`
|
IP=`hostname -I | awk '{print $1}'`
|
||||||
|
|||||||
@ -22,13 +22,11 @@ import (
|
|||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/goharbor/harbor/src/common"
|
|
||||||
"github.com/goharbor/harbor/src/common/rbac"
|
"github.com/goharbor/harbor/src/common/rbac"
|
||||||
"github.com/goharbor/harbor/src/controller/artifact"
|
"github.com/goharbor/harbor/src/controller/artifact"
|
||||||
scanCtl "github.com/goharbor/harbor/src/controller/scan"
|
scanCtl "github.com/goharbor/harbor/src/controller/scan"
|
||||||
"github.com/goharbor/harbor/src/jobservice/job"
|
"github.com/goharbor/harbor/src/jobservice/job"
|
||||||
"github.com/goharbor/harbor/src/jobservice/logger"
|
"github.com/goharbor/harbor/src/jobservice/logger"
|
||||||
"github.com/goharbor/harbor/src/lib/config"
|
|
||||||
"github.com/goharbor/harbor/src/lib/errors"
|
"github.com/goharbor/harbor/src/lib/errors"
|
||||||
"github.com/goharbor/harbor/src/lib/log"
|
"github.com/goharbor/harbor/src/lib/log"
|
||||||
"github.com/goharbor/harbor/src/lib/orm"
|
"github.com/goharbor/harbor/src/lib/orm"
|
||||||
@ -54,7 +52,6 @@ const (
|
|||||||
func init() {
|
func init() {
|
||||||
scan.RegisterScanHanlder(v1.ScanTypeSbom, &scanHandler{
|
scan.RegisterScanHanlder(v1.ScanTypeSbom, &scanHandler{
|
||||||
GenAccessoryFunc: scan.GenAccessoryArt,
|
GenAccessoryFunc: scan.GenAccessoryArt,
|
||||||
RegistryServer: registry,
|
|
||||||
SBOMMgrFunc: func() Manager { return Mgr },
|
SBOMMgrFunc: func() Manager { return Mgr },
|
||||||
TaskMgrFunc: func() task.Manager { return task.Mgr },
|
TaskMgrFunc: func() task.Manager { return task.Mgr },
|
||||||
ArtifactControllerFunc: func() artifact.Controller { return artifact.Ctl },
|
ArtifactControllerFunc: func() artifact.Controller { return artifact.Ctl },
|
||||||
@ -67,7 +64,6 @@ func init() {
|
|||||||
// scanHandler defines the Handler to generate sbom
|
// scanHandler defines the Handler to generate sbom
|
||||||
type scanHandler struct {
|
type scanHandler struct {
|
||||||
GenAccessoryFunc func(scanRep v1.ScanRequest, sbomContent []byte, labels map[string]string, mediaType string, robot *model.Robot) (string, error)
|
GenAccessoryFunc func(scanRep v1.ScanRequest, sbomContent []byte, labels map[string]string, mediaType string, robot *model.Robot) (string, error)
|
||||||
RegistryServer func(ctx context.Context) (string, bool)
|
|
||||||
SBOMMgrFunc func() Manager
|
SBOMMgrFunc func() Manager
|
||||||
TaskMgrFunc func() task.Manager
|
TaskMgrFunc func() task.Manager
|
||||||
ArtifactControllerFunc func() artifact.Controller
|
ArtifactControllerFunc func() artifact.Controller
|
||||||
@ -96,8 +92,10 @@ func (h *scanHandler) PostScan(ctx job.Context, sr *v1.ScanRequest, _ *scanModel
|
|||||||
Registry: sr.Registry,
|
Registry: sr.Registry,
|
||||||
Artifact: sr.Artifact,
|
Artifact: sr.Artifact,
|
||||||
}
|
}
|
||||||
// the registry server url is core by default, need to replace it with real registry server url
|
scanReq.Registry.Insecure = strings.HasPrefix(scanReq.Registry.URL, "http://")
|
||||||
scanReq.Registry.URL, scanReq.Registry.Insecure = h.RegistryServer(ctx.SystemContext())
|
// the registry URL should not contain http:// or https:// prefix
|
||||||
|
scanReq.Registry.URL = strings.TrimPrefix(scanReq.Registry.URL, "http://")
|
||||||
|
scanReq.Registry.URL = strings.TrimPrefix(scanReq.Registry.URL, "https://")
|
||||||
if len(scanReq.Registry.URL) == 0 {
|
if len(scanReq.Registry.URL) == 0 {
|
||||||
return "", fmt.Errorf("empty registry server")
|
return "", fmt.Errorf("empty registry server")
|
||||||
}
|
}
|
||||||
@ -170,19 +168,6 @@ func (h *scanHandler) Update(ctx context.Context, uuid string, report string) er
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// extract server name from config, and remove the protocol prefix
|
|
||||||
func registry(ctx context.Context) (string, bool) {
|
|
||||||
cfgMgr, ok := config.FromContext(ctx)
|
|
||||||
if ok {
|
|
||||||
extURL := cfgMgr.Get(context.Background(), common.ExtEndpoint).GetString()
|
|
||||||
insecure := strings.HasPrefix(extURL, "http://")
|
|
||||||
server := strings.TrimPrefix(extURL, "https://")
|
|
||||||
server = strings.TrimPrefix(server, "http://")
|
|
||||||
return server, insecure
|
|
||||||
}
|
|
||||||
return "", false
|
|
||||||
}
|
|
||||||
|
|
||||||
// retrieveSBOMContent retrieves the "sbom" field from the raw report
|
// retrieveSBOMContent retrieves the "sbom" field from the raw report
|
||||||
func retrieveSBOMContent(rawReport string) ([]byte, *v1.Scanner, error) {
|
func retrieveSBOMContent(rawReport string) ([]byte, *v1.Scanner, error) {
|
||||||
rpt := sbom.RawSBOMReport{}
|
rpt := sbom.RawSBOMReport{}
|
||||||
|
|||||||
@ -147,7 +147,6 @@ func (suite *SBOMTestSuite) SetupSuite() {
|
|||||||
|
|
||||||
suite.handler = &scanHandler{
|
suite.handler = &scanHandler{
|
||||||
GenAccessoryFunc: mockGenAccessory,
|
GenAccessoryFunc: mockGenAccessory,
|
||||||
RegistryServer: mockGetRegistry,
|
|
||||||
SBOMMgrFunc: func() Manager { return suite.sbomManager },
|
SBOMMgrFunc: func() Manager { return suite.sbomManager },
|
||||||
TaskMgrFunc: func() task.Manager { return suite.taskMgr },
|
TaskMgrFunc: func() task.Manager { return suite.taskMgr },
|
||||||
ArtifactControllerFunc: func() artifact.Controller { return suite.artifactCtl },
|
ArtifactControllerFunc: func() artifact.Controller { return suite.artifactCtl },
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user